bbPress.org


Timestamp:
12/20/2017 04:55:13 PM (8 years ago)
Author:
johnjamesjacoby
Message:

Sub-actions: bail on completely invalid/empty get/post requests.

This change ensures that non-empty actions (sanitized via sanitize_key()) will not make their way into the get/post request actions.

This is in addition to similar checks added to AJAX requests in r6755.

File:
1 edited

  • trunk/src/includes/core/sub-actions.php

    r6573 r6757  
    354354    $action = sanitize_key( $_POST['action'] );
    355355
     356    // Bail if action was totally invalid
     357    if ( empty( $action ) ) {
     358        return;
     359    }
     360
    356361    // This dynamic action is probably the one you want to use. It narrows down
    357362    // the scope of the 'action' without needing to check it in your function.
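Review bot: the new guard at r6757 lines 357-359 uses `empty( $action )`, which in PHP is also true for the string "0", so a POST with action=0 survives sanitize_key() intact and is then dropped as "totally invalid". If the intent is only to stop keys that sanitize_key() reduced to nothing, compare against the empty string instead (`if ( '' === $action ) {`), or extend the comment to say that "0" is rejected on purpose.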
     
    381386    // Sanitize the GET action
    382387    $action = sanitize_key( $_GET['action'] );
     388
     389    // Bail if action was totally invalid
     390    if ( empty( $action ) ) {
     391        return;
     392    }
    383393
    384394    // This dynamic action is probably the one you want to use. It narrows down
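Review bot: lines 389-392 repeat the POST guard verbatim for GET, so the two copies can drift apart; a small shared helper that sanitizes the key and returns it only when non-empty would keep both request paths consistent. The commit message also says that "non-empty actions" will not make their way into the request actions, while both added checks bail on an empty `$action`; the description should match the code so the log records what is actually filtered.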